You guessed it. They’ve been caught shipping their customers computers laden with privacy-unfriendly malware, showing that they haven’t learned the lessons from the public outcry over Superfish.

This particular piece of malware runs daily, and collects personal usage data, which is then surreptitiously forwarded to Omniture – an online marketing and web analytics firm that was acquired by Adobe in 2009.

Bizarrely, this particular piece of malware found its way to Lenovo’s ThinkPad, ThinkCentre and ThinkStation PCs. These are the higher-end machines in Lenovo’s lineup, costing as much as an equivalent Apple Computer, and are aimed at power and business users.

Lenovo Is Spying On You

Horowitz recently purchased two laptops from IBM. The first was a ThinkPad T520, the second was a ThinkPad T420. Both were refurbished, and shipped with fresh installations of Windows 7 Professional.

Shortly after acquiring them, he installed TaskSchedulerView. This is a freeware application from NirSoft that makes it simple to see what tasks are scheduled in Windows. In both laptops, he found an entry that concerned him. Each day, his computers were running a program called the“Lenovo Customer Feedback Program 64”.

The identity of the makers of this program is obvious. Its author was “Lenovo”, and the accompanying description said: “This task uploads Customer Feedback Program data to Lenovo”. Actually, it was going to Omniture, the marketing company we mentioned earlier. It’s not totally clear what data they were collecting.

Later in this post, we’re going to talk about how you can remove the Lenovo Customer Feedback Program if you’ve got an affected machine. But first, it’s probably a good idea to start talking about the multiple crimes against privacy Lenovo have committed in the past few months.

In short, last year Lenovo shipped a bunch of low-to-mid-end laptops with a piece of software called SuperFish. In Lenovo’s own words, this was to empower consumers to “find and discover products visually”. But really, it was a nasty piece of malware that hijacked users’ web browsers, and inserted their own adverts.

Unbeatable, BIOS-Based Malware

August this year, it transpired Lenovo had loaded laptops with unwanted malware that couldn’t be removed by wiping your computer.

Let that set in for a second. If you replaced your hard drive and re-installed Windows, you’d still be stuck with it. Your only option would be to either return the laptop to the manufacturer, or install an alternative OS like Linux or BSD.

This malware was hidden in the laptop’s firmware, and abused the anti-theft feature in Windows 8 and 10. Whenever the laptop booted up, the executable would be extracted from the firmware at boot-up and installed. Because it was in the firmware, it was persistent.

Lenovo used this to force the OneKey Optimizer on consumers. This, as Ars Technica pointed out, does some useful system maintenance like update system drivers. But it also does some task of questionable value, like performance “optimizations” and cleaning “system junk files”.

It didn’t help that the OneKey Optimizer is filled with security issues. There are buffer overflows and insecure network connections galore. It’s certainly not something you’d install of your own volition.

Lenovo have stopped shipping laptops with the dodgy firmware, and have issued replacement firmware for affected laptops.

As you can see, Lenovo is a bit of a recidivist in when it comes to disrespecting their customer’s privacy. But how do you deal with the current Lenovo screw-up-du-jour?

How To Fix It

Knowing is the first battle. If your laptop is a ThinkStation, ThinkCenter, or a ThinkPad, you’re potentially infected. First, grab a copy of TaskSchedulerView, and have a look to see if there’s “Lenovo Customer Feedback Program 64” running.

If it’s there, bad luck. Lenovo has been spying on you. That said, you’ve got a few options:

Manually remove it from the control panel. Here, it’s listed in Programs and Features. Click Uninstall, and follow the dialogs until you’re done.

After 90 days, the malware will ultimately delete itself. Although, I wouldn’t recommend you wait that long, as who knows what it’s phoning home with.

Please Stop Buying Lenovo Products

Lenovo haven’t learned their lessons. They don’t respect their customers. They don’t respect your privacy or security. You shouldn’t buy their products.

Moreover, it shows a blatant lack of respect for their users. If you buy a laptop (and remember, ThinkPads are expensive), you should expect the business relationship to end once you’ve taken ownership of it, except for when it comes to warranties and support. You certainly shouldn’t expect your laptop manufacturer to actively surveil you for their own benefit.

I know this post is old at least 1year . First I have to say sorry for not having a good control of English . I purchased a Lenovo laptop 2014 , wonderful , it worked like a charm , but then 2015 I installed windows 10 update to windows 7 sp1 and hell broke loose .With the automatic updates I got all Lenovo's curses : Costumer feedback ,Lenovo driver , Platform service, PM service . My computer started to have a mind on it's own : restarting randomly , freezing , crashing , the mouse won't work , I had to unplug to restart . And to make the story shorter , I reinstalled windows at least 3 times . But Lenovo came back at me with windows 10 automatic updates from Microsoft . I uninstalled everything from Lenovo and what do you know , in one hour everything was back . And so on every day . After uninstalling all crap Lenovo, computer works fine ,until they appear again . I got red of Automatic updates ,Cortana and One drive but Lenovo still install all crap back . So is not Lenovo had me killed is Microsoft allowing all .What do they care my computer is Lenovo ?
I just think they are together in this . Microsoft have to update windows 10 not computers and drivers . Worst of all , there is no fix for such a fraud , They got my money when I purchased the laptop now they want my life .Thanks Microsoft and Lenovo .Shame on you .

I have conflicted since last Noevember with a PUP brought by UltraUnzip. I never suspected such a software as I though it was preinstalled and when I realised that UltraUnzip was the problem I thought that maybe I installed it by mistake when preparing my new PC for use. Now your article had spur a second thought - maybe I was right and it came to me preinstalled.

One type of data collection stops after 90 days, they say, the other does not. The other also does not appear in the list of installed software which is why you have to hack the task scheduler to stop it from running. Or, you can find and modify the dozen programs that feed it data and turn off the data collection in each of them.

Anyone who uses Windows 10, Android, or web browsers without clearing their entire cache every day and using a proxy is in the same boat as Lenovo users. People seem to pick and choose the privacy invasions they're going to be offended by nowadays. If you really want privacy, then you can start by using a Linux distribution and a VPN and even then it's not going to protect you from the government.

There simply aren't many companies making enterprise-grade client computer product lines. For portable computers, Dell has Latitude and Precision. Toshiba has Tecra and HP has Elitebook... and Lenovo has Thinkpad. That's it. That's the list. Maybe throw in Surface devices from Microsoft and/or Macbook Pros if you're feeling charitable.

Of those, Lenovo is the only company that offers a global warranty. It also has a long history of shipping extremely rugged, modular hardware that's easily serviced. There's a reason Thinkpad hardware is highly regarded by techies and businesspeople alike.

I don't have any machines impacted by the current issue, though I do have Tx20 and Tx30 machines (I'm actually typing on a T420 right now). I spot-checked a couple machines and can't find the indicated software on any of them. I'm not sure what OS media or Windows licensing model was used to load Windows on the computers in the article, it is at the very least something optional and probably tied to either OEM media or optional Lenovo-branded software that a technician would have to add after the fact. I checked machines running Windows 7 Enterprise, a Lenovo Windows 7 Pro (Lenovo OEM license) and retail Windows 10 Pro.

I'm not going to install OneKey Optimizer, but on the surface, it looks very similar to the PC Doctor software that used to ship with most Windows-based laptops. "Optimizers" of any provenance are dubious at best, but software of similar function (less the apparently reporting to a third party) has shipped with branded OEM PCs for at least the last decade.

Is OneKey actually Malware? Maybe. I think I might break out a Network traffic monitor and see what it's actually sending out. It might be the same sort of BS telemetry that Windows 10 sends to Microsoft (or, hey, that OSX sends to Apple and Android sends to Google) or other fairly innocuous information.

In any case, it's not forced on your by your system firmware. It does seem to be something that can be removed and it also appears to be an optional install in the first place.

I'm not saying that there's nothing to worry about or that there isn't an ongoing breach of trust between Lenovo and people using its products, but this does not appear to be an issue on the same level as Superfish and there's really no reason to scream fire in a crowded theater. I especially don't think that the issue as it presently stands is a good reason to boycott Lenovo.

Matthew Hughes is a software developer and writer from Liverpool, England. He is seldom found without a cup of strong black coffee in his hand and absolutely adores his Macbook Pro and his camera. You can read his blog at http://www.matthewhughes.co.uk and follow him on twitter at @matthewhughes.